Re: Q: password generation

On 3 Jul 2009 19:41:37 GMT, Ilmari Karonen <usenet2@xxxxxxxxxxxxxx>

On 2009-07-03, Maaartin <grajcar1@xxxxxxxxx> wrote:

Random capitalization of any character would give me 20 bits (on the
5 4-character word passphrase), but it'd way harder to type (at
least for me) than your additional word.

More importantly, it would be much harder to *remember* which letters
you need to capitalize than to remember one or two additional words.

Or which of these passphrases (generated using a slightly smaller
dictionary of only 2354 words) would _you_ find easier to memorize:

a) "ramp true boat deem land card buoy" (7*11.2 = 78.4 bits), or
b) "iaMb Laid ZETA DiCK hOBO" (5*11.2 + 20 = 76 bits)?

Try it -- type both a few times, for practice, then go away for five
minutes and see if you can retype them exactly without looking.
I sometimes use a system of regular capitalisation across the phrase,
for example:

tramP kilLs stOat aFter Seven

xxxxX xxxXx xxXxx xXxxx Xxxxx

That makes it easier to remember where the capital letters go, though
it does reduce the entropy somewhat compared to random capitalisation.